Method and device for identifying network encrypted traffic

A traffic identification and network technology, applied in character and pattern recognition, biological neural network models, instruments, etc. It addresses the high time cost and poor real-time performance of traffic identification algorithms, and achieves the effects of automatic learning and of solving classification and data imbalance problems.

Active Publication Date: 2022-07-26
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0010] The purpose of the present invention is to overcome the deficiencies in the prior art and provide a method and device for network encrypted traffic identification, which solves the problems that traffic identification algorithms are time-consuming and have poor real-time performance because of the encryption technology used in the current network environment.

Examples

Embodiment 1

[0089] The present invention provides a network encryption traffic identification method, which is characterized in that it includes the following processes:

[0090] Obtain the encrypted traffic file to be identified;

[0091] The encrypted traffic to be identified is preprocessed, and the preprocessing includes: dividing the encrypted traffic into multiple flows; then collecting multiple consecutive data packets from each flow as samples; and finally vectorizing and standardizing the samples to obtain a formatted sample vector set;

[0092] Inputting the sample vector set obtained after preprocessing into the pre-trained hybrid neural network model to obtain a prediction vector, where the element values in this prediction vector represent the predicted values of encrypted traffic belonging to each category;

[0093] The hybrid neural network model includes: a 1D-CNN network, a stacked bidirectional LSTM network, and a fully connected layer network; the 1D-CNN network perform...
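The preprocessing steps in [0091] (split into flows, collect consecutive packets per flow, vectorize, standardize) can be sketched as follows. This is an added example, not code from the patent: the packet records are constructed, and the window size, byte count, bidirectional 5-tuple flow key and the byte/255 scaling are all assumptions, since the page does not give those values.

```python
from collections import defaultdict

N_PACKETS = 3  # assumption: consecutive packets per sample
N_BYTES = 8    # assumption: payload bytes kept per packet

def pkt(ts, proto, src, sport, dst, dport, payload):
    """Build one packet record (hypothetical record layout)."""
    return dict(ts=ts, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, payload=payload)

# Constructed sample: one 7-packet TCP conversation and one 2-packet UDP flow.
CONSTRUCTED = (
    [pkt(i, "tcp", *(("10.0.0.1", 50000, "10.0.0.2", 443) if i % 2 == 0
                     else ("10.0.0.2", 443, "10.0.0.1", 50000)),
         bytes([0x17, 0x03, 0x03, i])) for i in range(7)]
    + [pkt(10 + i, "udp", "10.0.0.3", 40000, "10.0.0.4", 53, b"\xff" * 20)
       for i in range(2)]
)

def flow_key(p):
    """Direction-independent 5-tuple, so both directions share one flow."""
    ends = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
    return (p["proto"],) + tuple(ends)

def split_flows(packets):
    """Step 1: group packets into flows, ordered by timestamp."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda q: q["ts"]):
        flows[flow_key(p)].append(p)
    return flows

def sample_windows(flow, n=N_PACKETS):
    """Step 2: non-overlapping runs of n consecutive packets.
    A long flow yields several samples; an incomplete tail is dropped."""
    return [flow[i:i + n] for i in range(0, len(flow) - n + 1, n)]

def vectorize(window, n_bytes=N_BYTES):
    """Steps 3-4: truncate or zero-pad each payload to n_bytes, then
    scale every byte to [0, 1] so all samples have the same shape."""
    vec = []
    for p in window:
        raw = p["payload"][:n_bytes].ljust(n_bytes, b"\x00")
        vec.extend(b / 255.0 for b in raw)
    return vec

def preprocess(packets):
    """Return {flow key: list of fixed-length sample vectors}."""
    return {k: [vectorize(w) for w in sample_windows(f)]
            for k, f in split_flows(packets).items()}
```

Flows shorter than one window produce no samples here; zero-padding short flows instead is an equally valid choice and changes only `sample_windows`.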

Embodiment 2

[0097] The extraction of features used to identify encrypted traffic depends on the traffic preprocessing method, the vectorization method, and the information carried by different parts of the traffic data stream. For example, the meta-information and the payload information of the traffic can each provide different and effective features for identifying encrypted traffic. On the one hand, this solution uses information such as flow meta-information, the partial payload of data packets, and the timing characteristics between data packets to improve data integrity. On the other hand, the method designs a hybrid neural network model for automatic representation learning over this information.

[0098] Figure 1 is the overall framework diagram of the method of the present invention, which mainly includes two stages: a preprocessing stage and a classification stage. The preprocessing stage directly converts the original traffic into standard data, which includ...

Embodiment 3

[0181] Correspondingly, the present invention also provides a network encrypted traffic identification device, including an encrypted traffic acquisition module, a preprocessing module, a classification prediction module and a classification identification module; wherein:

[0182] The encrypted traffic acquisition module is used to acquire the encrypted traffic file to be identified;

[0183] A preprocessing module, used for preprocessing the encrypted traffic to be identified, the preprocessing module includes a stream segmentation unit, a collection unit and a vectorization unit, wherein:

[0184] The stream splitting unit is used to split the encrypted traffic stream into multiple streams;

[0185] The collection unit is used to collect a plurality of consecutive data packets from each flow as samples;

[0186] The vectorization unit is used to vectorize and standardize each sample to obtain a formatted sample vector set;

[0187] The classification prediction module is used t...

Abstract

The invention discloses a network encrypted traffic identification method and device. The method includes a preprocessing stage and a classification stage. In the preprocessing stage, the original traffic is divided, sampled, vectorized and standardized, and a sampling scheme for large flows is proposed to solve the classification problem of large flows. In the classification stage, a CNN is used for spatial feature capture and abstract feature extraction, and then, on the basis of the abstract features, a stacked bidirectional LSTM is used to learn the time series features of the traffic, achieving automatic feature extraction and efficient identification of encrypted traffic. The method is versatile, can automatically extract the spatiotemporal features of encrypted traffic without the need for manual feature design by experts, and can adapt to changes in traffic characteristics caused by different encryption technologies and obfuscation technologies.

Description

Technical field

[0001] The invention specifically relates to a method for identifying network encrypted traffic, and also relates to a device for identifying network encrypted traffic, which belongs to the technical fields of deep learning, network traffic analysis and cyberspace security application.

Background technique

[0002] Traffic classification is one of the most important tasks in modern network communication, but due to the popularization of encryption technology and the rapid growth of network throughput, it becomes more and more difficult to achieve high-speed and accurate identification of encrypted traffic. Encrypted traffic classification is of great significance to traffic engineering, network resource management, QoS (Quality of Service), and cyberspace security management. In recent years, there has also been a huge demand for encrypted traffic analysis and management in new network fields such as IoT networks, software-defined networks, and mobile Interne...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06K9/62, G06N3/04
CPC: G06N3/049, G06N3/044, G06N3/045, G06F18/214
Inventor: 徐小龙, 林焜达
Owner: NANJING UNIV OF POSTS & TELECOMM